General

Target: e8c4f2f855064f8bf6b38410efd53e890fa804710e514098235fc0412625f487
Size: 960KB
Sample: 230320-qj76nsdf72
MD5: 4ef80b25f77913bbed5c88c90fb45120
SHA1: 795b2dff66273a1f7b1c3b739c3f95fb52b85c5f
SHA256: e8c4f2f855064f8bf6b38410efd53e890fa804710e514098235fc0412625f487
SHA512: 324b52a8034bbaf5c0ccb2f9980305f9d388731fbd7119ce614c032066102ba2e68ebfb431a4240606c1a41fda504304c1b6591667801eef3b2d4b9cd5affe1c
SSDEEP: 24576:eydyIHzM1nSBdIm5St7G/IM1BREip9vF3Mk:tdyITM1nAImVF1sQ9t

Static task: static1
Malware Config

Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted: redline
vint
193.233.20.30:4125
auth_value: fb8811912f8370b3d23bffda092d88d0

Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Targets

Target: e8c4f2f855064f8bf6b38410efd53e890fa804710e514098235fc0412625f487
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.